On Fri, May 22, 2015 at 5:20 AM, Walter H. walte...@mathemainzel.info wrote:
Hello
On 22.05.2015 08:30, Jeffrey Walton wrote:
Or are you talking about server certificates with fixed DH parameters?
can you please tell me more about this?
They have a DH group called out by parameters (an not
If the negotiated cipher suite for an RSA encrypted client-server
session does not involve using the RSA public keys, then when is RSA
used in that session ?
Not sure to fully understand your question, but the answer may be :
'Just for [server] authentication'
Hope this helps.
From: owner-openssl-users On Behalf Of Viktor Dukhovni
Sent: Friday, October 25, 2013 09:46
On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote:
I mean in a typical usage of OpenSSL is it mandatory to call
SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate()
and
From: owner-openssl-users On Behalf Of Patrick Pelletier
Sent: Friday, October 25, 2013 02:53
On 10/24/13 1:59 PM, Dave Thompson wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular
On 10/24/13 1:59 PM, Dave Thompson wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular curve like P-256.)
So, my understanding is that if the tmp_ecdh is set to a curve which
is not
On Thu, Oct 24, 2013 at 11:52:36PM -0700, Patrick Pelletier wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular curve like P-256.)
So, my understanding is that if the tmp_ecdh is set to
Hi,
I mean in a typical usage of OpenSSL is it mandatory to call
SSL_CTX_set_tmp_dh() if I callĀ SSL_CTX_use_certificate() andĀ
SSL_CTX_use_PrivateKey(). I know that for RSA keys, for example, the session
key exchange is done using the public keys of the client and server.
If my understanding is
On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote:
I mean in a typical usage of OpenSSL is it mandatory to call
SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate()
and SSL_CTX_use_PrivateKey().
No, this is optional.
I know that for RSA keys, for example, the session key exchange is
Is it recommended to specify and use DH parameters for server ?
I know that RSA encryption/decryption is slow and this is why RSA public keys
are used only for establishing the session key which is a symmetric key usually
because symetric key encryption is fast.
If the negotiated cipher suite
Do you mean SSL/TLS the protocols and OpenSSL the implementation?
For SSL when an ADH or EDH aka DHE suite is negotiated, the server must send
DH parameters
and its (nominally one-time) public key, and the client uses or at least
matches the parameters
and sends its (ditto) public key.
Hi,
I would suggest to have a copy of the same DH params before hand than to exchange during key exchange process because exchanging the key values always exposes you to the man-in-the-middle problem.
man-in-the-middle problem.
The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle
11 matches
Mail list logo
